Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2004-1006

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

  • Published: Mar 1, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-1006
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
isc / dhcpd 3.0_b2pl9 3.0_b2pl9.x
isc / dhcpd 3.0.1-rc9 3.0.1-rc9.x
isc / dhcpd 3.0.1-rc4 3.0.1-rc4.x
isc / dhcpd 3.0.1-rc5 3.0.1-rc5.x
isc / dhcpd 3.0.1-rc1 3.0.1-rc1.x
isc / dhcpd 3.0.1-rc10 3.0.1-rc10.x
isc / dhcpd 3.0 3.0.x
isc / dhcpd 3.0.1-rc14 3.0.1-rc14.x
isc / dhcpd 3.0-rc4 3.0-rc4.x
isc / dhcpd 3.0_pl2 3.0_pl2.x
isc / dhcpd 3.0.1-rc11 3.0.1-rc11.x
isc / dhcpd 3.0.1-rc8 3.0.1-rc8.x
isc / dhcpd 3.0.1-rc3 3.0.1-rc3.x
isc / dhcpd 3.0.1-rc13 3.0.1-rc13.x
isc / dhcpd 3.0.1-rc6 3.0.1-rc6.x
isc / dhcpd 2.0.pl5 2.0.pl5.x
isc / dhcpd 3.0_pl1 3.0_pl1.x
isc / dhcpd 3.0-rc12 3.0-rc12.x
isc / dhcpd 3.0_b2pl23 3.0_b2pl23.x
isc / dhcpd 3.0.1-rc2 3.0.1-rc2.x
isc / dhcpd 3.0.1-rc12 3.0.1-rc12.x
isc / dhcpd 3.0.1-rc7 3.0.1-rc7.x